로그인 필터
jwt필터 등록
JwtAuthorizationFilter 등록

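package shop.mtcoding.todayhome.core.filter;

import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
// NOTE(review): unused JDK-internal import, probably an IDE auto-import; kept as in the original.
import jdk.swing.interop.SwingInterOpUtils;
import org.springframework.stereotype.Component;
import shop.mtcoding.todayhome.core.util.JwtUtil;
import shop.mtcoding.todayhome.core.util.Resp;
import shop.mtcoding.todayhome.user.User;

import java.io.IOException;
import java.io.PrintWriter;

/**
 * Servlet filter that authenticates a request from the JWT carried in the
 * {@code Authorization} header.
 *
 * <p>A request without a token, or with a token that {@link JwtUtil#verify(String)}
 * rejects, is answered with HTTP 401 and a JSON {@link Resp} body and never reaches
 * the rest of the chain. On success the verified {@link User} is stored in the HTTP
 * session under {@code "sessionUser"} and the chain continues.
 */
public class JwtAuthorizationFilter implements Filter {

    /** Shared serializer; ObjectMapper is thread-safe once configured, so one instance suffices. */
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Verifies the bearer token and either rejects the request with 401 or passes it on.
     *
     * @param request  incoming request (cast to {@link HttpServletRequest})
     * @param response outgoing response (cast to {@link HttpServletResponse})
     * @param chain    remaining filter chain, invoked only after successful verification
     * @throws IOException      if writing the error body fails or the chain throws it
     * @throws ServletException if the downstream chain throws it
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        String accessToken = req.getHeader("Authorization");
        if (accessToken == null || accessToken.isBlank()) {
            System.out.println("토큰 없음");
            failJWT(resp, "토큰이 없어요");
            return;
        }

        // Only token verification sits inside the try. Wrapping chain.doFilter() as well
        // would turn every downstream exception into a 401 and send its message to the client.
        User sessionUser;
        try {
            sessionUser = JwtUtil.verify(accessToken);
        } catch (Exception e) {
            // Record the failure type server-side for detection. The exception message can
            // contain attacker-controlled token content, so it is neither logged nor echoed.
            System.out.println("JWT verification failed: " + e.getClass().getSimpleName());
            failJWT(resp, "토큰이 유효하지 않습니다");
            return;
        }

        // NOTE(review): this creates a server-side session for a token-authenticated request.
        // If any route is reachable without this filter, "sessionUser" may outlive the token's
        // expiry via the session cookie; confirm, or carry the user as a request attribute.
        HttpSession session = req.getSession();
        session.setAttribute("sessionUser", sessionUser);
        chain.doFilter(req, resp);
    }

    /**
     * Writes a 401 response with a JSON {@link Resp} failure body.
     *
     * <p>The HTTP status line is set as well as the body code, so clients, proxies and
     * monitoring that look only at the status see the authentication failure.
     *
     * @param resp    response to write to
     * @param message client-facing failure message
     * @throws IOException if the response body cannot be written
     */
    private void failJWT(HttpServletResponse resp, String message) throws IOException {
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        resp.setContentType("application/json; charset=utf-8");
        PrintWriter out = resp.getWriter();
        out.println(MAPPER.writeValueAsString(Resp.fail(401, message)));
        out.flush();
    }
}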
jwt토큰 생성 및 검증로직등록
Jwt 생성 및 검증 util 생성

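package shop.mtcoding.todayhome.core.util;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import shop.mtcoding.todayhome.user.User;

import java.nio.charset.StandardCharsets;
import java.util.Date;

/**
 * Creates and verifies the HMAC-SHA512 signed access tokens used for login.
 *
 * <p>The signing key is read from the environment instead of being compiled into the
 * class: with a short literal key in source, anyone who can read the code (or guess the
 * key) can mint a valid token for any user id, which makes verification meaningless.
 */
public class JwtUtil {

    /** Environment variable holding the signing secret (name chosen here; align with your deployment). */
    private static final String SECRET_ENV = "JWT_SECRET";

    /** HS512 should be keyed with at least as many bytes as its 512-bit output. */
    private static final int MIN_SECRET_BYTES = 64;

    private static final String BEARER_PREFIX = "Bearer ";

    /** Access-token lifetime: 7 days, as in the original. Long for an access token; consider shortening. */
    private static final long ACCESS_TOKEN_TTL_MILLIS = 1000L * 60 * 60 * 24 * 7;

    /** Built once; fails class initialization (fail closed) when the secret is missing or too short. */
    private static final Algorithm ALGORITHM = loadAlgorithm();

    /** Reads and validates the signing secret, then builds the HS512 algorithm from it. */
    private static Algorithm loadAlgorithm() {
        String secret = System.getenv(SECRET_ENV);
        if (secret == null || secret.getBytes(StandardCharsets.UTF_8).length < MIN_SECRET_BYTES) {
            throw new IllegalStateException(
                    SECRET_ENV + " must be set to a random secret of at least " + MIN_SECRET_BYTES + " bytes");
        }
        return Algorithm.HMAC512(secret);
    }

    /**
     * Issues a signed access token carrying the user's {@code id} and {@code username}.
     *
     * @param user authenticated user whose id and username become claims
     * @return the compact signed JWT (without the {@code Bearer } prefix)
     */
    public static String create(User user) {
        return JWT.create()
                .withExpiresAt(new Date(System.currentTimeMillis() + ACCESS_TOKEN_TTL_MILLIS))
                .withClaim("id", user.getId())
                .withClaim("username", user.getUsername())
                .sign(ALGORITHM);
    }

    /**
     * Verifies a token's signature and expiry and rebuilds the user from its claims.
     *
     * @param jwt the token, optionally prefixed with {@code "Bearer "}
     * @return a {@link User} populated with the {@code id} and {@code username} claims
     * @throws JWTVerificationException if the token is malformed, expired, has a bad
     *         signature, or lacks the {@code id} claim
     */
    public static User verify(String jwt) {
        // Strip the scheme only where it belongs, at the start of the header value.
        String token = jwt.startsWith(BEARER_PREFIX) ? jwt.substring(BEARER_PREFIX.length()) : jwt;
        token = token.trim();

        DecodedJWT decodedJWT = JWT.require(ALGORITHM).build().verify(token);

        // asInt() yields null for a missing or non-numeric claim; reject explicitly
        // instead of failing with a NullPointerException on unboxing.
        Integer id = decodedJWT.getClaim("id").asInt();
        if (id == null) {
            throw new JWTVerificationException("required claim 'id' is missing");
        }
        String username = decodedJWT.getClaim("username").asString();

        return User.builder()
                .id(id)
                .username(username)
                .build();
    }
}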
로그인 요청과 응답 과정
Request
{ "username":"ssar", "password":"1234" }
controller
/**
 * Handles a login request: delegates credential checking to the user service and
 * returns the issued access token both in the {@code Authorization} header
 * (with the {@code Bearer } scheme) and inside the response body.
 *
 * @param loginDTO username and password parsed from the JSON request body
 * @return 200 OK with the login response wrapped in {@code Resp.ok}
 */
@PostMapping("login")
public ResponseEntity<?> login(@RequestBody UserRequest.LoginDTO loginDTO) {
    UserResponse.LoginDTO loginResult = userService.로그인(loginDTO);
    String bearerValue = "Bearer " + loginResult.accessToken();
    return ResponseEntity.ok()
            .header("Authorization", bearerValue)
            .body(Resp.ok(loginResult));
}
Service
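/**
 * Authenticates a user by username and password and issues an access token.
 *
 * @param loginDTO submitted username and password
 * @return the access token together with the matched user
 * @throws ExceptionApi401 if no user matches the submitted credentials; the message
 *         deliberately does not say which of the two fields was wrong
 */
public UserResponse.LoginDTO 로그인(UserRequest.LoginDTO loginDTO) {
    // NOTE(review): the submitted password is matched directly in the query, which only
    // works if the stored column holds the password itself or a deterministic unsalted
    // transform of it. Confirm; the usual design looks the user up by username and checks
    // a salted password hash (bcrypt/argon2) in code.
    User userPS = userRepository
            .findByUsernameAndPassword(loginDTO.getUsername(), loginDTO.getPassword())
            // The original message named "email", but the check is on username and password.
            .orElseThrow(() -> new ExceptionApi401("아이디 또는 비밀번호가 틀렸습니다."));

    String accessToken = JwtUtil.create(userPS);
    // NOTE(review): the whole User is handed to the response DTO; verify the DTO does not
    // serialize the password field.
    return new UserResponse.LoginDTO(accessToken, userPS);
}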
repository
/**
 * Spring Data JPA repository for {@code User} entities keyed by {@code Integer} id.
 */
public interface UserRepository extends JpaRepository<User, Integer> {

    /**
     * Finds the user whose username and password both equal the given values.
     *
     * <p>The JPQL uses named parameters, so the values are bound rather than
     * concatenated into the query text.
     *
     * <p>NOTE(review): comparing the password inside the query implies the column stores
     * something directly comparable to the submitted password. Confirm how it is stored;
     * with salted hashes this lookup cannot match.
     *
     * @param username username to match
     * @param password password value to match against the stored column
     * @return the matching user, or empty if none matches
     */
    @Query("select u from User u where u.username=:username and u.password=:password")
    Optional<User> findByUsernameAndPassword(@Param("username") String username, @Param("password") String password);
로그인 응답 postman
로그인 결과화면

추가 로그인 oauth